Web Browser Security
Your browser can expose your private information, allow harm to your workstation, or just display bogus information.
To access and display information from remote servers, your browser makes connections over the Internet. The requests and responses are in plain text and can be read or altered by anyone with access to some part of the Internet path between your browser and the server. Additionally some responses contain active content such as scripts and programs which may send information back to the server, install Trojans, or cause harm to your workstation.
Privacy, integrity, and authenticity are security goals that can be accomplished by using the built-in capabilities and features of your browser. Privacy assures that your information is seen only by authorized persons and services. Integrity assures that the information is intact and that your workstation is not harmed. Authenticity assures that your browser and the server have been correctly identified, and that all requests and responses are between those two parties and none other.
These goals are accomplished by use of cryptography, authentication, and browser restrictions. Cryptography is used to assure the privacy and integrity of the requests and responses. Content is encrypted so that it can be read only by others who know the key. This assures integrity, continuity of authentication, and even authentication itself. Authentication assures the identity of the parties to a communication. Restriction blocks use of risky or undesirable methods.
The primary cryptographic technology used by browsers is Socket Layer (SSL). SSL provides authentication of the remote server and the privacy and integrity of the connection to that server. Once such a secure connection is established, the web site can use forms or HTTP Basic Authentication to identify you, their customer.
The strength of a particular cipher depends on its method, its key size, and associated handling procedures. All of these must be correctly implemented or the cipher is weakened. The key is a number that is used to control the mathematical method used to encrypt and decrypt prtotected contents. Specific procedures must be used to generate the key, store the key, and exchange the key..
Do not click on any Install Certificate button or equivalent for your browser unless you are very sure that you want to trust that Certificate Authority in the future. See the individual browser version descriptions to find out the CA certificates that your browser considers "Authorities". In most cases it is better to manually approve the occasional use of certificates for the few times that you will use them rather than to install their CA certificate.
[Under Construction ...]
Page modified: 06 Nov 2011 15:47:56 -0800